1. Field of the Invention
The subject invention relates generally to a networked physical security access control system and a method of implementing the same, and, more specifically to a distributed networked physical security access control system and method of implementing the same.
2. Description of the Prior Art
Security access control systems limit access, for example to buildings, areas, mantraps, and doors using credential readers and electric locking mechanisms in conjunction with policies and credentials stored in a central repository. When a credential is presented to the reader, the system grants or denies access based on current policies and the validity and authorization of the credential. Manufacturers deploy these products on a variety of computer servers and workstations. Due to the increased sophistication of these systems over the years, their proprietary nature and wide range of variables including servers, operating system software, and networking, the systems require highly trained and experienced technicians to install, deploy, and maintain.
In addition, many companies have, through acquisitions or organic growth, increased the number of physical facilities, requiring a method to share information with other facilities without requiring constant communication with any one server. Distributed systems require higher levels of software integration and network support not previously required in a traditional single-server deployment, increasing training and ongoing support costs. An example of such a distributed security access control system is disclosed in U.S. Pat. No. 6,233,588 to Marchoili et al.
The Marchoili et al. patent discloses a security access control system including a master database and a plurality of regional databases each disposed in a different region. The master database is in communication with each of the regional databases. Each regional database periodically uploads to the master database any changes in the access control information of the regional database, and the master database periodically downloads from the master database to each regional database any changes in the access control information made by other regions. The master database is maintained identical to the regional databases.
In a system such as that disclosed by the Marchoili et al. patent, the master database is continuously uploading and downloading any changes in access control information. This can be a very costly process in such a large system. Further, the physical security system and its increasing reliance on an organization's information technology infrastructure have caused information technology departments to look for ways to reduce time to deploy these systems, minimize impact on information technology resources, and reduce maintenance costs. This requires standard methods for these systems to be deployed and maintained by an organization's information technology department. Also, as information technology deploys network security systems, the opportunity to integrate physical security into these commercial off-the-shelf products using open standard methods provides additional methods to reduce maintenance costs. An example of such a system is Brivo's econtrol Online Access Control System.
Brivo's system discloses a networked physical security access control system for controlling a security access device comprising a primary network including a user interface being a web browser. A centrally located access server appliance is disposed in communication with the primary network. The access server appliance includes an appliance management module for configuring the access server appliance to a user specified security configuration. The access server appliance provides security to a plurality of remote sites. A method for implementing a networked physical security access control system such as that disclosed by Brivo generally includes the steps of mounting an access server appliance including an appliance management module into a computer system, communicating the access server appliance with a primary network including a user interface, and configuring the appliance management module to a user specified security configuration.
While the Brivo system provides a web-hosted networked physical security access control system, it still relies on a single, central host access server appliance to provide a user specified security configuration to multiple remote sites. There remains the need for a more effective and cost efficient distributed networked physical security access control system.
SUMMARY OF THE INVENTION AND ADVANTAGES
The present invention provides a networked physical security access control system improved by including a plurality of access server appliances in communication with a primary network with the access server appliances being in peer-to-peer communication on the primary network to bridge the access server appliances for providing consistency in each of the access server appliances.
The invention also provides an improved method of implementing a networked physical security access control system by communicating a plurality of access server appliances with the primary network and replicating the appliance management module of an accessed access server appliance in each of the other access server appliances through peer-to-peer communication on the primary network to maintain consistency in the access server appliances in response to configuring the appliance management module of the accessed access server appliance to a user specified security configuration.
The invention provides a distributed networked physical security access control system and a method of implementing the same while leveraging the existing information technology infrastructure and eliminating the requirement of any server or client software to be installed on any computer system. The system communicates with access controllers which in turn communicate with the security access devices.
The invention maintains a user specified security configuration redundantly across all access server appliances using peer-to-peer communication to maintain consistency and high availability without requiring connectivity to a central server. In addition, the invention maintains event and transaction logs redundantly across all access server appliances. The mirroring of data supports high availability and high performance by dividing the workload across multiple access server appliances. Events and transactions may also be sent to other systems for processing, review and corrective action.
The invention also provides for a distributed credential database and a distributed policy database across all access server appliances providing multiple locations the ability to access, control, and monitor buildings, areas, and doors without requiring connectivity to a central server. The distributed databases use peer-to-peer communication and directory services to maintain consistency and high availability using industry standard technology.
The invention provides the ability to add, modify, and remove access control policies that govern decision making, reporting, input operations, output operations, and administrative tasks. All modifications are replicated to all other access server appliances to maintain the most up to date policies across the entire system.
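The following sketch is an added illustration, not code from the patent or from any product it describes. It models access server appliances that replicate policy changes peer-to-peer and decide locally, and it shows the window in which a disconnected appliance still honors a revoked credential until it resynchronizes. The class and function names, the version-stamp ordering rule and the sample badge and door values are assumptions; the text above does not specify how updates are ordered.

```python
# Added example: names, stamp rule and sample data are assumptions.
class Appliance:
    def __init__(self, name):
        self.name, self.online = name, True
        self.peers = []      # other appliances on the primary network
        self.clock = 0       # logical counter used to order updates
        self.policy = {}     # (credential, door) -> (stamp, allowed)

    def _apply(self, key, stamp, allowed):
        # Keep an update only if it is newer than what is stored.
        current = self.policy.get(key)
        if current is None or stamp > current[0]:
            self.policy[key] = (stamp, allowed)
        self.clock = max(self.clock, stamp[0])

    def configure(self, credential, door, allowed):
        # Policy is changed on this appliance, then pushed to reachable peers.
        self.clock += 1
        key, stamp = (credential, door), (self.clock, self.name)
        self._apply(key, stamp, allowed)
        for peer in (p for p in self.peers if p.online):
            peer._apply(key, stamp, allowed)

    def resync(self):
        # On reconnect, exchange full state with every reachable peer.
        self.online = True
        for peer in (p for p in self.peers if p.online):
            for src, dst in ((peer, self), (self, peer)):
                for key, (stamp, allowed) in list(src.policy.items()):
                    dst._apply(key, stamp, allowed)

    def decide(self, credential, door):
        # Local decision with default deny; no central server is consulted.
        return self.policy.get((credential, door), (None, False))[1]

def build_mesh(names):
    nodes = [Appliance(n) for n in names]
    for n in nodes:
        n.peers = [p for p in nodes if p is not n]
    return nodes

def demo():
    a, b, c = build_mesh(["site-a", "site-b", "site-c"])
    a.configure("badge-1001", "lobby", True)     # grant reaches all three sites
    c.online = False                             # site-c drops off the network
    b.configure("badge-1001", "lobby", False)    # revocation entered at site-b
    stale = c.decide("badge-1001", "lobby")      # site-c still holds the grant
    c.resync()
    return a.decide("badge-1001", "lobby"), stale, c.decide("badge-1001", "lobby")
```

The stale grant at the disconnected site is the cost of deciding without a central server, so the interval between resynchronizations bounds how long a revocation can go unenforced.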
The invention serves as a network router and firewall to access controllers and associated hardware, preventing attackers from gaining access to devices directly attached to physical assets.
The invention provides a switchover capability such that should a primary access appliance fail, its network interfaces automatically switch to a backup appliance which will continue to operate the security access devices.